I have a logonid with PROGRAM(IEBEDIT), RESTRICT and SUBAUTH attributes. The program IEBEDIT is in an APF authorized library. Why am I getting the ACF01008 UNAUTHORIZED INPUT SOURCE FOR LOGONID message when submitting a job with this logonid?

The ACF01008 message is an indication that the specified logonid (lid) is marked for authorized program submission only and the submitting program is NOT APF-authorized.

Solution:

The SUBAUTH logonid attribute indicates that jobs that specify this logonid can be submitted only through APF-authorized programs. You must also specify the RESTRICT field for this logonid. Most sites also specify the PROGRAM or PGM fields for logonids with the SUBAUTH privilege to indicate that this logonid can only submit jobs using a specified program.

Sites should be aware that "submitted only through APF-authorized programs" includes the requirement that the specified program be linked with AC=1, resides in an APF authorized library and, if specified in a concatenated DD (e.g. STEPLIB), all libraries within the concatenation are also APF authorized. If the submitting module is NOT linked AC=1 then the module is not considered APF authorized and the JSCBAUTH bit is not set in the JSCB (JOB STEP CONTROL BLOCK) even though the library the module is loaded from is APF authorized.

Details on the logonid Submission Control RESTRICT, PROGRAM and SUBAUTH attributes can be found in the CA ACF2? for z/OS Administrator Guide, in Chapter 3: Maintaining Logonid Records, section "Logonid Record Fields".